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WHAT IS CLAIMED IS 



5 

1. A network access control method for a 
network system comprising: 

network apparatuses having packet 
filtering functions; 
10 a service server connected with an IP 

network via the network apparatus, providing a 
service to a user; 

a user terminal connected with the IP 
network via the network apparatus, for the user to 
15 utilize therethrough the service provided by said 
service server; 

a reception server connected with the IP 
network via the network apparatus, receiving an 
access from the user for said service server; and 
20 an access control server controlling the 

network apparatus, 

said method comprising the steps of: 

a) said reception server receiving access 
request information from said user terminal, and 

2 5 holding it; and 

b) said access controlling server 
performing traffic control such as to extract, basec 
on a processing capability of said service server 
and a traffic amount for said service server, such 

30 an amount of the access request information held by 
said reception server as that which said service 
server can optimally deal with, so as to allow the 
access for said service server. 



35 
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2. A network system comprising: 
network apparatuses having packet 
filtering function; 

a service server connected with an IP 
5 network via the network apparatus, providing a 
service to a user; 

a user terminal connected with the IP 
-network via the network apparatus, for the user to 
utilize the service provided by said service server; 
10 a reception server connected with the IP 

network via the network apparatus, receiving an 
access from the user for said service server; and 

an access control server controlling the 
network apparatuses, 
15 said reception server having an access 

registering part which receives access request 
information from said user terminal, and holds it; 
and 

said access controlling server having a 
20 filtering optimizing part which performs traffic 
control such as to extract, based on a processing 
capability of said service server and a traffic 
amount for said service server, such an amount of 
the access request information held in said access 
25 registering part as that said service server can 

optimally deal with, so as to allow the access for 
said service server. 



3. A reception server comprising: 

an access list holding access request 

information from a user terminal; 
35 a user profile holding user information 

including a user class for each user; 

an access receiving part receiving an 
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access from the user terminal; 

an access registering part registering 
access request information received via said access 
receiving part into said access list in order of the 
reception ; 

a user class extracting part extracting an 
IP address from the received access request 
information, and identifying the user by using the 
extracted IP address so as to extract the user class 
from said user profile; and 

a by-user-class registering part 
registering the access request information received 
via said access receiving part into said access list 
based on the user class extracted through said user 
class extracting part. 



4. The reception server as claimed in 
claim 3, further comprising: 

an estimated waiting time calculating part 
calculating an estimated waiting time, from the 
number of the users waiting, according to a position 
of said access list at which the access request 
received from the user terminal is registered; and 

an access information reporting part 
reporting the calculated estimated waiting time to 
the user, and reporting to the user that the access 
can be performed after the estimated waiting time 
has elapsed. 



5. The reception server as claimed in 
claim 3, further comprising: 
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an access confirming part determining 
whether or not the access request is to be 
registered in said access list, when waiting is 
needed, after receiving the access request from the 
5 user terminal ; and 

a waiting confirmation inquiring part 
inquiring to the user for said access confirming 
part to make the determination. 



6. An access control server comprising: 

a access information database holding 
15 information concerning a processing capability of a 
service server and a maximum permissible access 
number calculated based on the processing capability 
of the service server; 

a traffic control part controlling a 
20 network apparatus; 

a static permissible access number 
calculating part calculating the maximum permissible 
access number based on the information concerning 
the processing capability of the service server; and 
25 a filtering optimizing part reading such 

an amount of access request information from an 
access list holding the access request information 
from user terminals in a reception server, from the 
top, as that for the maximum permissible access 
30 number, producing packet filtering setting 

information for the users making access requests to 
be able to access to the service server, and setting 
the produced information in the network apparatus 
via said traffic control part. 
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7 . The access control server as claimed 
in claim 6, further comprising: 

a load and traffic monitoring part 
monitoring a load condition of the service server 
5 and a traffic condition of a network apparatus 
holding the service server; and 

a dynamic permissible access number 
calculating part^ periodically performing 
communication with said load and traffic monitoring 
10 part so as to extract therefrom information of the 
load condition and traffic condition, and calculate 
the maximum permissible access number therefrom, and, 
also, registering the calculated maximum permissible 
access number in the access information database. 

15 



8. The access control server as claimed 

20 in claim 6, further comprising: 

a control information database holding 
control information which is used as a guideline for 
reading the access request information from the 
access list; and 

25 a by-user-class access request reading 

part reading the access request information from the 
access list for each user class based on the control 
information extracted from said control information 
database, when the filtering optimizing part reads 

30 such an amount of the access request information 
from the access list as that for the maximum 
permissible access number, in a case where the 
access request information is registered in the 
access list by user class. 

35 
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9 . The access control server as claimed 
in claim 6, further comprising: 

an effective timer setting part setting an 
effective timer for the access request information 
5 when the packet filtering setting information is 
produced; and 

a filtering canceling part canceling the 
packet filtering control set in the network 
apparatus, when the effective timer has expired. 

10 



10. A service server connected with an IP 
15 network via a network apparatus and providing a 
service to a user, comprising: 

a session finish determining part 
determining that a session performed with a user 
terminal has finished; and 
20 a session finish reporting part reporting 

to an access control server that the session 
performed with the user terminal has finished. 



11. The reception server as claimed in 
claim 3, further comprising a user authenticating 
part determining, based on the user class extracted 
30 through the user class extracting part, whether or 
not the received access request is given from an 
unallowed user, and, reporting, when the access 
request is given from the unallowed user, this 
matter to the access control server. 
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12. The access control server as claimed 
in claim 6, further comprising an access unallowance 
filtering setting part producing, based on a report 
from the user authenticating part of the reception 
server claimed in claim 11, the packet filtering 
setting information of access unallowance for the 
service server, and setting the produced information 
in the network apparatus. 



